Complex File IDs/URLs
We would like to see more complex file IDs to create more complex, and thus more secure, file URLs.
Currently, if an instructor uploads several files at once in the Files area of a course, the files are assigned sequential numeric identification numbers. These file IDs create file URLs that differ from each other by +/- one or two numbers.
This is an issue when the files uploaded simultaneously are related to exam content or other secure/sensitive materials. We recently had an instructor who uploaded exam instructions and an exam file at the same time. He posted the exam instructions to students in advance of the exam and thought that the exam file would be secure because it was linked in a quiz that was not yet available to students. However, since the file IDs were sequential, students were able to guess their way into the exam file before the time of the exam.
The only way to restrict student access to files is to put date limits on the student availability of the file (or folder). This additional step is not intuitive to instructors, especially when they have taken other measures to protect their files, such as hiding the Files tab from the student navigation menu of a course. This also adds additional work for instructors when they're building their exams, not to mention work for those of us in learning support roles as we try to teach instructors to work around this file security vulnerability.
Non-sequential and/or alphanumeric file IDs (as opposed to just numeric IDs) would make file IDs exponentially more difficult to guess, thus making files more secure.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.